svchost.exe malware

[REDACTED]

have warning popping up of svchost.exe 
log from malwarebytes

[Pondus]

follow instructions  https://forum.avast.com/index.php?topic=53253.0

malware team will be back online tomorrow ...

[REDACTED]

ok thanks

[REDACTED]

frst log and addition log

[TwinHeadedEagle]

Hello,


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

alwaysisobar came up after reboot

log

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please include their content into your next reply.

[REDACTED]

logs

[TwinHeadedEagle]

How this issue started?

[REDACTED]

not sure about how it started. maybe 2-4 weeks ago it just came up one day.  it was many warnings, but now its just the alwaysisobar only. all other warning have stopped.    would you like me to re run everything from the start with malwarebytes on down.

[TwinHeadedEagle]

Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
ffdefaults;
chrdefaults;
bitsadmin /reset /allusers;b


• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

not sure what has happened, but zoek will not run. I tried it 3 times yesterday, the program starts and I copy the script into it and start scan and it starts working but never finishes.  I left it going all night and today through my work hours and just got home to see the same window open.  it just won't finish running. 

don't know when you will get back to me. I'll try and run malwarebytes again along with the other programs you had me use to get some more logs for you.  we'll see what happens
   

[REDACTED]

ok so I have been on pc for about an hour now with no pop up's.  its all to weird for me haha . anyway take a look at these new logs and tell me if I'm out of this mess
Thanks

[TwinHeadedEagle]

Yes, Zoek probably did its job

Is everything okay now?

[REDACTED]

ok, I've been on for about 2 hours now and no more pop up warnings....  I think you got !!!
thanks